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EXAMINER S ANSWER 



This is in response to the appeal brief filed 5/30/2006 appealing from the Office 
action mailed 1/13/2006. 
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(1) Real Party in Interest 

A statement identifying by name the real party in interest is contained in the brief. 

(2) Related Appeals and Interferences 

The examiner is not aware of any related appeals, interferences, or judicial 
proceedings which will directly affect or be directly affected by or have a bearing 
on the Board's decision in the pending appeal. 

(3) Status of Claims 

The statement of the status of claims contained in the brief is correct. 

(4) Status of Amendments After Final 

The appellant's statement of the status of amendments after final rejection 
contained in the brief is correct. 

(5) Summary of Claimed Subject Matter 

The summary of claimed subject matter contained in the brief is correct. 

The appellant's statement of the grounds of rejection to be reviewed on appeal is 

correct. 

(6) Grounds of Rejection to be Reviewed on Appeal 

The appellant's statement of the grounds of rejection to be reviewed on appeal is 
correct. 
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(7) Claims Appendix 

The copy of the appealed claims contained in the Appendix to the brief is correct. 

(8) Evidence Relied Upon 



6,931,402 


PEREIRA III 


8-2005 


6,466,918 


SPIEGEL 


10-2002 


5,784,566 


VIAVANT 


7-1998 


6,157,707 


BAULIER 


12-2000 


5,708,422 


BLONDER 


1-1998 



(9) Grounds of Rejection 

The following ground(s) of rejection are applicable to the appealed claims: 



Claim Rejections - 35 USC § 103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 



Claims 1, 4-6, 18-20, 23-25, 37-39, and 45 are rejected under 35 U.S.C. 103(a) 
as being unpatentable over Pereira III US 6,931,402 in view of Viavant US 
5,784,566. 
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As per claims 1, 19, 20, 38, and 39, Pereira III teaches storing business rules for a 
plurality of users of different companies, (Col 3 lines 25-34). Pereira III teaches 
receiving a message from a user requesting access to online resources, (Col 3 
lines 44- 47). Pereira III teaches retrieving the rules according to the user, (Col 3 
line 64 - Col 4 

line 5). Pereira III teaches identifying the company associated with online 

resources, (Col 4 line 53, Col 5 lines 27-37). Pereira III teaches access control 

rules, but does not specify the authentication methods used. 

Viavant teaches a security system for a user to access data over a network (Col 5 

lines 10-32). Viavant teaches determining whether a request requires 

authentication, (Col 6 lines 38-43, Col 6 line 67-Col 7 line 4). 

Viavant teaches obtaining an indicia of physical identification (fingerprint) if 

authentication is required, (Col 5 line 1, Col 5 lines 44-46). Viavant teaches 

authenticating the indicia of physical identification, (Col 7 lines 1 1-40). 

It would have been obvious to include the security system of Viavant in the access 

system of Pereira III because it increases the network communication security. 

As per claims 4-5, 23, and 24, Viavant teaches indicating whether authentication 
is required or not for access to different servers, (Col 6 lines 37-43). 
As per claims 6, and 25 Viavant teaches completely denying access, (Col 6 lines 
66, 67 Col 7 lines 34, 35). 

As per claims 18, 37, and 45, Viavant teaches that the indicia is a biometric 
sample, (Col 5 line 1). 
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Claims 2, 7, 8, 21, 26, 27, 40 and 43 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Pereira III US 6,931,402 in view of Viavant US 
5,784,566 in view of Baulier 6,157,707. 

As per claims 2, 21, and 40, the previous Pereira III-Viavant combination does 
not teach a scoring method to determine if the request requires authentication. 
Baulier teaches a scoring method of determining whether of not a user is required 
to be authenticated, (Col 10 lines 7-24). Baulier teaches that the users history 
patterns are employed, (Col 6 lines 26-30, Col 9 lines 62-64). 
It would have been obvious to on skilled in the art to use a scoring system to 
determine whether authentication was required because it reduces costs and fraud, 
(Baulier Col 3 lines 5-10). 

As per claims 7, 8, 26, 27, and 43 the previous Pereira III-Viavant combination 
does not teach determining fraudulent behavior. 

Baulier teaches detecting fraud based on a collision or velocity violation, (Col 6 
lines 50- 67). Baulier teaches a user profile to determine fraudulent behavior, (Col 
5 lines 47-58). 

It would have been obvious to one of ordinary skill in the art to add the fraud 
detection of Baulier to the biometric authentication system of Viavant because 
fraud is a significant financial problem. 
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Claims 10-16, and 29-35 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Pereira III US 6,931,402 in view of Viavant US 5,784,566 
in view of Blonder US 5,708,422. 

As per claims 10-13, and 29-32 the previous Pereira III- Viavant combination does 
not teach other criteria of authorization if authentication is not required. 
Blonder teaches other criteria of authorization using a card transaction including 
frequency of use, (Col 6 lines 28-37). Blonder teaches a card transaction with 
restrictions 

and denying the transaction if the restrictions (frequency of use) are not satisfied, 
(Col 10 lines 8-20). Blonder teaches that the restrictions may be applied to credit 
card 

transactions or debit card account transactions, (Col 4 lines 53-66). 

It would have been obvious to one skilled in the art to add the account restrictions 

of Blonder to the biometric authentication system of the Pereira III- Viavant 

combination because Blonders system helps prevent financial fraud. 

As per claims 14, and 33 the Pereira III- Viavant combination teaches an account 

that restricts an account associated with a user, (Col 4 lines 40-50). The Pereira 

III-Viavant combination does not teach determining an account transaction. 

Blonder teaches that the restrictions may be applied to credit card transactions or 

debit card account transactions, (Col 4 lines 53-66). 

As per claims 15, 16, 34, and 35 the Pereira III-Viavant combination teaches an 
account that restricts an account associated with a user, (Col 4 lines 40-50). 
Pereira III-Viavant combination does not teach parental control. 



Application/Control Number: 09/80 1,468 
Art Unit: 2134 



Page 7 



Blonder teaches parental control of a transaction, (Col 5 lines 18-24). 

Claims 46-51 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Pereira III US 6,931,402 in view of Viavant US 5,784,566 in view of Baulier 
US 6,157,707 in view of Spiegel US 6,466,918. 

As per claims 46-5 1 , the previous Pereira III- Viavant-Baulier combination 
teaches using a scoring system for authentication. Pereira III-Viavant-Baulier 
does not teach weighing scores. 

Spiegel teaches a method of weighing scores based on user activity and user 
history (Col 13 lines 40-50, Col 14 lines 1-7). 

Spiegel teaches that system administrators may alter the weights, (Col 13 lines 
43-45). It would have been obvious to one of ordinary skill in the art to add the 
weighing method of Spiegel to the scoring method of Pereira III-Viavant-Baulier 
because not all factors in the decision to authenticate are of equal value. 

(10) Response to Argument 

I. Pereira III teaches controlling access to online company resources* 

Appellant asserts that Pereira III does not teach controlling access to online 
resources. The examiner asserts that Pereira III teaches controlling access per 
company. As is shown in column 3, lines 25-35, and column 5 lines 27-37, 
Pereira III teaches storing rules controlling access to a specific group of objects. 
In this instance, the database has the attribute of "company" and in the example 
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provided, gives user 3 conditional Read-Only access to Company A objects. 
Figure 3, shows object access control data, where each object is given a 
"company" property, so that data objects may be restricted based on said 
company and user. Therefore the access control rules (business rules) are stored 
associating a company with a requested online resource from among a plurality of 
companies (companies A, B, or C). When the data object is requested, the access 
rules (business rules) are retrieved to determine whether the requester should be 
granted access. While Pereira III does teach that the rules are applied to users, 
they are also the rules for the companies involved. Column 3 lines 25-35 show 
that esntire purpose of the invention is to avoid rule duplication of companies, thus 
the rules are the company rules. While teaching restricting access, and 
identification of a user, Pereira III does not explicitly state authentication. 

II. Viavant teaches authentication. 

Appellant argues that Viavant does not teach storing business rules or identifying 
a company associated with requested online resources. The appellant is correct 
with regards to this deficiency of Viavant. However the examiner does not rely 
on Viavant to teach such claim limitations. 

Appellant argues that because Viavant does not teach determining whether stored 
business rules for the identified company associated with the requested on-line 
resource indicates that authentication for the user is required, then the 
combination of Pereira III with Viavant does not teach the invention as claimed. 
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The examiner asserts that while teaching restricting access, and identification of a 
user, Pereira III does not explicitly state authentication, but does teach stored 
business rules for identified companies. Viavant teaches determining if 
authentication is required, and authentication methods in. It would have been 
obvious to one of ordinary skill in the art to use authentication in an access 
control system, and the combination of Pereira III and Viavant disclose the claim 
limitations. 

III. Baulier teaches Authentication Patterns. 

Appellant argues that Baulier does not teach storing authentication patterns with 
respect to a plurality of network elements. 

The examiner argues that Baulier teaches a subscriber signature which is 
representative of a subscribers calling pattern, (Col 6 lines 25-50). Baulier 
teaches that the signature may monitor a variety of caller patterns such as 
originating location, or number, and terminating number, (Col 6 lines 65-70), 
which make up the plurality of network elements in a network. Baulier teaches 
that the specifics of the communication patterns are retained on record, (Col 7 
lines 20-40). Furthermore, the term "the user's historical authentication patterns" 
is not used before the claim argued. Without context and interpreted with the 
broadest reasonable interpretation, a historical authentication pattern could be 
interpreted as the pattern made up of the current call, or a plurality of previous 
communication attempts. 
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IV. Spiegel teaches weighing scores. 

The appellant argues that Spiegel in combination with other references, does not 
teach a method of applying a weight to network elements based on relative 
importance and evaluating the user's historical relationship with said network 
elements. 

As before, the examiner asserts that "the user's historical relationship" is not used 
in any previous claim, and must be interpreted in the broadest reasonable manner. 

Spiegel teaches a method of relating a user to certain activities with weighted 
scores that are maintained in a history of scores, or an user profile in a database. 
While Spiegel does not need to teach network elements or any of the claim 
limitations that the other references in the combination state. In this combination, 
the weighted scores, and history of Spiegel are used with the fraud scores of 
Baulier so that the combination of the two allows for a fraud profile that does not 
need to treat every action equally. The score for the user may be based on scores 
from different network elements with varying scores, so that fraud may be better 
judged, and in the future, prevented. As the examiner stated in the office action, 
not all factors in the decision to authenticate are of equal value. 

(11) Related Proceeding(s) Appendix 

No decision rendered by a court or the Board is identified by the examiner in the 
Related Appeals and Interferences section of this examiner's answer. 
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For the above reasons, it is believed that the rejections should be sustained 
Respectfully submitted, 
Christopher J. Brown 
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